Ruby on Rails Secrets.yml
[英]Ruby on Rails Secrets.yml
问题描述
I just want to make sure I'm not misinterpreting this but if I am using environment variables in my config/secrets.yml file should I still be concerned about pushing it to a public repo? 
我只是想确保我不会误解这一点,但是如果我在config / secrets.yml文件中使用环境变量,我是否仍应担心将其推送到公共存储库? I see many posts about adding this file to git-ignore to protect credentials but if they're passed in as environment variables it shouldn't be a problem correct? 我看到许多关于将此文件添加到git-ignore以保护凭据的帖子,但是如果将它们作为环境变量传递进来,那应该不是问题吗?
3 个解决方案
解决方案1
2 2016-11-17 16:59:57
As long as you put your secrets in gitignore and make sure they are variables, it will be ok! 只要将您的秘密放入gitignore并确保它们是变量,就可以了! You should definitely check out Figaro, as it handles that for you 您绝对应该查看Figaro,因为它可以为您处理
解决方案2
1 已采纳 2016-11-17 14:22:21
If they are passed as environment variables, there's no problem at all, because the only thing you can see in fIle contents is that variable name, and it's not a secret. 如果将它们作为环境变量传递,则完全没有问题,因为在文件内容中唯一可以看到的就是变量名,这不是秘密。 So it can be pushed to your repo without any fears. 这样就可以毫无担心地将其推送到您的回购中。
解决方案3
1 2016-11-17 14:36:44
You are correct, you can safely push secrets.yml if it doesn't actually hold the values. secrets.yml如果它实际上没有保存值,则可以安全地推送secrets.yml 。
When I use ENV (or Figaro ), I usually just eliminate the secrets.yml file, and move the ENV assignments into their relevant config or initializer file. 当我使用ENV(或Figaro )时,我通常只是消除secrets.yml文件,然后将ENV分配移到其相关的配置或初始化程序文件中。 To me, that is more clear and modular than having a secrets file in the repo. 对我来说,这比在回购中包含机密文件更为清晰和模块化。
However, one could also argue that keeping them in secrets.yml is just as clear, because that's where Rails devs know to look, and they'll immediately see they need to set them in ENV. 但是,也可能会争辩说,将它们保存在secrets.yml中也很清楚,因为这是Rails开发人员知道的外观,他们会立即看到需要在ENV中进行设置。
Just some food for thought. 只是需要深思。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.